Importing a smartphone? Beware of viruses

Buying a cheap Android phone online might seem like a good deal, but if you don’t know who the manufacturer is, you might be getting more than you bargained for. That’s certainly true for people who purchased the Star N9500 from Amazon or eBay: an Android phone packed with pre-installed malware.

The Star N9500 has malicious software installed at the deepest level of the phone’s system, meaning it cannot be removed by the user (according to Germany security company G Data). It also hides inside the popular Play Store, the default location for Android app purchases.

What does it do?

The malware – named Uupay.D – steals personal data and sends it to computers in China. It’s unclear exactly what information the malware takes, but it’s safe to assume that with such deep-level access to the phone, all of your information (including your pictures and email passwords) could be spirited away to the far east.

Aside from that, the malware also allows remote users to access your phone and install other pieces of malware, essentially opening the door to any number of malicious attacks. It’s a really horrible set-up, and one that is completely unavoidable once you start using the phone.

How can I avoid it?

If it didn’t come with complementary malware, the Star N9500 could be considered a great deal – it’s a powerful phone with some high-end features, retailing for around €150. That’s much less than the slightly better equivalents from Samsung or LG.

In truth, it’s an old rule that can help you avoid being caught out: “if it’s too good to be true, it usually isn’t”. A phone this good, at such a small price? Something has to be amiss.

G Data believe that the phones are being deliberately sold for such a low price to attract consumers, whose data the criminals can steal and sell on for much more money. Scary.

This discovery won’t fill Android users with confidence, particularly as 97% of mobile malware is aimed at the devices. However, it’s important to remember that of that 97%, only 0.1% comes through the official Google Play store.

As long as you restrict yourself to using Google’s controlled environment (much like Apple does with the iPhone), you’ll be as safe as any mobile user.